From d71ef9c6d810115bfe0de6327139c6886932cdb8 Mon Sep 17 00:00:00 2001 From: José Padilla Date: Mon, 15 Dec 2014 21:48:31 -0400 Subject: Closes #2281 --- docs/api-guide/relations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/api-guide/relations.md b/docs/api-guide/relations.md index a79b6ea5..e56db229 100644 --- a/docs/api-guide/relations.md +++ b/docs/api-guide/relations.md @@ -397,7 +397,7 @@ We could define a custom field that could be used to serialize tagged instances, return 'Note: ' + value.text raise Exception('Unexpected type of tagged object') -If you need the target of the relationship to have a nested representation, you can use the required serializers inside the `.to_native()` method: +If you need the target of the relationship to have a nested representation, you can use the required serializers inside the `.to_representation()` method: def to_representation(self, value): """ -- cgit v1.2.3 From c6137bbf5aa7ca800e4afc06657e5196b2e0e481 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 14:14:51 +0000 Subject: Serializer API restrictions. --- docs/api-guide/serializers.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs') diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index 5fe6b4c2..137cc9d5 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -240,6 +240,12 @@ Serializer classes can also include reusable validators that are applied to the For more information see the [validators documentation](validators.md). +## Accessing the initial data and instance + +When passing an initial object or queryset to a serializer instance, the object will be made available as `.instance`. If no initial object is passed then the `.instance` attribute will be `None`. + +When passing data to a serializer instance, the unmodified data will be made available as `.initial_data`. If the data keyword argument is not passed then the `.initial_data` attribute will not exist. + ## Partial updates By default, serializers must be passed values for all required fields or they will raise validation errors. You can use the `partial` argument in order to allow partial updates. -- cgit v1.2.3 From 3fff5cb6e0960b7ff8abd9f13a075f1f057de0a7 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 15:13:48 +0000 Subject: Fix empty HTML values when a default is provided. --- docs/api-guide/fields.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md index e4ef1d4a..f06db56c 100644 --- a/docs/api-guide/fields.md +++ b/docs/api-guide/fields.md @@ -112,6 +112,8 @@ Two options are currently used in HTML form generation, `'input_type'` and `'bas A boolean representation. +When using HTML encoded form input be aware that omitting a value will always be treated as setting a field to `False`, even if it has a `default=True` option specified. This is because HTML checkbox inputs represent the unchecked state by omitting the value, so REST framework treats omission as if it is an empty checkbox input. + Corresponds to `django.db.models.fields.BooleanField`. **Signature:** `BooleanField()` -- cgit v1.2.3 From 1ba822010d0943c67c127f3f62e873b64348ef87 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 15:22:27 +0000 Subject: Highlight trailing '.' in command so it wont be missed. --- docs/tutorial/quickstart.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/tutorial/quickstart.md b/docs/tutorial/quickstart.md index c3f95994..a4474c34 100644 --- a/docs/tutorial/quickstart.md +++ b/docs/tutorial/quickstart.md @@ -19,7 +19,7 @@ Create a new Django project named `tutorial`, then start a new app called `quick pip install djangorestframework # Set up a new project with a single application - django-admin.py startproject tutorial . + django-admin.py startproject tutorial . # Note the trailing '.' character cd tutorial django-admin.py startapp quickstart cd .. -- cgit v1.2.3 From bbd55fafc5e29d9984ca87297a6487cacfa71083 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 15:58:30 +0000 Subject: Version 3.0.2 --- docs/topics/release-notes.md | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index f00d3c54..aaaaeb58 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,9 +40,22 @@ You can determine your currently installed version using `pip freeze`: ## 3.0.x series +### 3.0.2 + +**Date**: [December 2014][3.0.2-milestone]. + + +* Ensure `request.user` is made available to response middleware. ([#2155][gh2155]) +* `Client.logout()` also cancels any existing `force_authenticate`. ([#2218][gh2218], [#2259][gh2259]) +* Extra assertions and better checks to preventing incorrect serializer API use. ([#2228][gh2228], [#2234][gh2234], [#2262][gh2262], [#2263][gh2263], [#2266][gh2266], [#2267][gh2267], [#2289][gh2289], [#2291][gh2291]) +* Fixed `min_length` message for `CharField`. ([#2255][gh2255]) +* Fix `UnicodeDecodeError`, which can occur on serializer `repr`. ([#2270][gh2270], [#2279][gh2279]) +* Fix empty HTML values when a default is provided. ([#2280][gh2280], [#2294][gh2294]) +* Fix `SlugRelatedField` raising `UnicodeEncodeError` when used as a multiple choice input. ([#2290][gh2290]) + ### 3.0.1 -**Date**: [December 2014][3.0.1-milestone]. +**Date**: [11th December 2014][3.0.1-milestone]. * More helpful error message when the default Serializer `create()` fails. ([#2013][gh2013]) * Raise error when attempting to save serializer if data is not valid. ([#2098][gh2098]) @@ -665,9 +678,11 @@ For older release notes, [please see the GitHub repo](old-release-notes). [ticket-582]: https://github.com/tomchristie/django-rest-framework/issues/582 [rfc-6266]: http://tools.ietf.org/html/rfc6266#section-4.3 [old-release-notes]: https://github.com/tomchristie/django-rest-framework/blob/2.4.4/docs/topics/release-notes.md#04x-series -[3.0.1-milestone]: https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.1+Release%22 +[3.0.1-milestone]: https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.1+Release%22 +[3.0.2-milestone]: https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.2+Release%22 + [gh2013]: https://github.com/tomchristie/django-rest-framework/issues/2013 [gh2098]: https://github.com/tomchristie/django-rest-framework/issues/2098 [gh2109]: https://github.com/tomchristie/django-rest-framework/issues/2109 @@ -697,3 +712,21 @@ For older release notes, [please see the GitHub repo](old-release-notes). [gh2242]: https://github.com/tomchristie/django-rest-framework/issues/2242 [gh2243]: https://github.com/tomchristie/django-rest-framework/issues/2243 [gh2244]: https://github.com/tomchristie/django-rest-framework/issues/2244 + +[gh2155]: https://github.com/tomchristie/django-rest-framework/issues/2155 +[gh2218]: https://github.com/tomchristie/django-rest-framework/issues/2218 +[gh2228]: https://github.com/tomchristie/django-rest-framework/issues/2228 +[gh2234]: https://github.com/tomchristie/django-rest-framework/issues/2234 +[gh2255]: https://github.com/tomchristie/django-rest-framework/issues/2255 +[gh2259]: https://github.com/tomchristie/django-rest-framework/issues/2259 +[gh2262]: https://github.com/tomchristie/django-rest-framework/issues/2262 +[gh2263]: https://github.com/tomchristie/django-rest-framework/issues/2263 +[gh2266]: https://github.com/tomchristie/django-rest-framework/issues/2266 +[gh2267]: https://github.com/tomchristie/django-rest-framework/issues/2267 +[gh2270]: https://github.com/tomchristie/django-rest-framework/issues/2270 +[gh2279]: https://github.com/tomchristie/django-rest-framework/issues/2279 +[gh2280]: https://github.com/tomchristie/django-rest-framework/issues/2280 +[gh2289]: https://github.com/tomchristie/django-rest-framework/issues/2289 +[gh2290]: https://github.com/tomchristie/django-rest-framework/issues/2290 +[gh2291]: https://github.com/tomchristie/django-rest-framework/issues/2291 +[gh2294]: https://github.com/tomchristie/django-rest-framework/issues/2294 -- cgit v1.2.3 From 2adfb6c3aa072867981d9bdc06e81ada632e0c4c Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 16:00:49 +0000 Subject: Cleanup extra newline --- docs/topics/release-notes.md | 1 - 1 file changed, 1 deletion(-) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index aaaaeb58..00759479 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -44,7 +44,6 @@ You can determine your currently installed version using `pip freeze`: **Date**: [December 2014][3.0.2-milestone]. - * Ensure `request.user` is made available to response middleware. ([#2155][gh2155]) * `Client.logout()` also cancels any existing `force_authenticate`. ([#2218][gh2218], [#2259][gh2259]) * Extra assertions and better checks to preventing incorrect serializer API use. ([#2228][gh2228], [#2234][gh2234], [#2262][gh2262], [#2263][gh2263], [#2266][gh2266], [#2267][gh2267], [#2289][gh2289], [#2291][gh2291]) -- cgit v1.2.3 From c9a2ce07037475359712104a8a68624e99bdfeb1 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 16:19:02 +0000 Subject: Expand permissions docs. Closes #2223. --- docs/api-guide/permissions.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index ddcefadb..743ca435 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -10,12 +10,24 @@ Together with [authentication] and [throttling], permissions determine whether a Permission checks are always run at the very start of the view, before any other code is allowed to proceed. Permission checks will typically use the authentication information in the `request.user` and `request.auth` properties to determine if the incoming request should be permitted. +Permissions are used to grant or deny access different classes of users to different parts of the API. + +The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds the `IsAuthenticated` class in REST framework. + +A slightly less strict style of permission would be to allow full access to authenticated users, but allow read-only access to unauthenticated users. This corresponds to the `IsAuthenticatedOrReadOnly` class in REST framework. + ## How permissions are determined Permissions in REST framework are always defined as a list of permission classes. Before running the main body of the view each permission in the list is checked. -If any permission check fails an `exceptions.PermissionDenied` exception will be raised, and the main body of the view will not run. +If any permission check fails an `exceptions.PermissionDenied` or `exceptions.NotAuthenticated` exception will be raised, and the main body of the view will not run. + +When the permissions checks fail either a "403 Forbidden" or a "401 Unauthorized" response will be returned, according to the following rules: + +* The request was successfully authenticated, but permission was denied. *— An HTTP 403 Forbidden response will be returned.* +* The request was not successfully authenticated, and the highest priority authentication class *does not* use `WWW-Authenticate` headers. *— An HTTP 403 Forbidden response will be returned.* +* The request was not successfully authenticated, and the highest priority authentication class *does* use `WWW-Authenticate` headers. *— An HTTP 401 Unauthorized response, with an appropriate `WWW-Authenticate` header will be returned.* ## Object level permissions -- cgit v1.2.3 From 530f7a21b3d28ddb24da036e0af6fd7b0a9a2304 Mon Sep 17 00:00:00 2001 From: Brent O'Connor Date: Wed, 17 Dec 2014 10:19:15 -0600 Subject: Fixed a typo --- docs/tutorial/1-serialization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index dea43cc0..20b9d889 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -200,7 +200,7 @@ Open the file `snippets/serializers.py` again, and edit the `SnippetSerializer` model = Snippet fields = ('id', 'title', 'code', 'linenos', 'language', 'style') -One nice property that serializers have is that you can inspect all the fields in a serializer instance, by printing it's representation. Open the Django shell with `python manange.py shell`, then try the following: +One nice property that serializers have is that you can inspect all the fields in a serializer instance, by printing it's representation. Open the Django shell with `python manage.py shell`, then try the following: >>> from snippets.serializers import SnippetSerializer >>> serializer = SnippetSerializer() -- cgit v1.2.3 From 90b8f9221e633797c5ab6a25e6c2a14805d459af Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 16:23:00 +0000 Subject: Use six.BytesIO in tutorial. Closes #2296. --- docs/tutorial/1-serialization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index dea43cc0..aab5ce71 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -163,7 +163,7 @@ Deserialization is similar. First we parse a stream into Python native datatype # This import will use either `StringIO.StringIO` or `io.BytesIO` # as appropriate, depending on if we're running Python 2 or Python 3. - from rest_framework.compat import BytesIO + from django.utils.six import BytesIO stream = BytesIO(content) data = JSONParser().parse(stream) -- cgit v1.2.3 From eeb6e340644eba70b2fd41100db34b159ae6f091 Mon Sep 17 00:00:00 2001 From: Tymur Maryokhin Date: Wed, 17 Dec 2014 17:28:11 +0100 Subject: Docs/tutorial import fixes. Refs #2296 --- docs/api-guide/serializers.md | 8 +++++--- docs/tutorial/1-serialization.md | 2 -- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'docs') diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index 137cc9d5..b9f0e7bc 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -22,11 +22,13 @@ The serializers in REST framework work very similarly to Django's `Form` and `Mo Let's start by creating a simple object we can use for example purposes: + from datetime import datetime + class Comment(object): def __init__(self, email, content, created=None): self.email = email self.content = content - self.created = created or datetime.datetime.now() + self.created = created or datetime.now() comment = Comment(email='leila@example.com', content='foo bar') @@ -61,10 +63,10 @@ At this point we've translated the model instance into Python native datatypes. Deserialization is similar. First we parse a stream into Python native datatypes... - from StringIO import StringIO + from django.utils.six import BytesIO from rest_framework.parsers import JSONParser - stream = StringIO(json) + stream = BytesIO(json) data = JSONParser().parse(stream) ...then we restore those native datatypes into a dictionary of validated data. diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index b1baf0dd..ff507a2b 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -161,8 +161,6 @@ At this point we've translated the model instance into Python native datatypes. Deserialization is similar. First we parse a stream into Python native datatypes... - # This import will use either `StringIO.StringIO` or `io.BytesIO` - # as appropriate, depending on if we're running Python 2 or Python 3. from django.utils.six import BytesIO stream = BytesIO(content) -- cgit v1.2.3 From 4f33cfe1a00b410553ad9705354ada7ee8b52c01 Mon Sep 17 00:00:00 2001 From: Brent O'Connor Date: Wed, 17 Dec 2014 14:38:01 -0600 Subject: With httpie 0.8.0 the HTTP method has to come after the auth argument. --- docs/tutorial/4-authentication-and-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index a6d27bf7..592c77e8 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -206,7 +206,7 @@ If we try to create a snippet without authenticating, we'll get an error: We can make a successful request by including the username and password of one of the users we created earlier. - http POST -a tom:password http://127.0.0.1:8000/snippets/ code="print 789" + http -a tom:password POST http://127.0.0.1:8000/snippets/ code="print 789" { "id": 5, -- cgit v1.2.3 From c87e95c23942d2b9c38784a4ad3e9a6d043a4977 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 21:11:06 +0000 Subject: Add missing date --- docs/topics/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 00759479..b9216e36 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,7 +42,7 @@ You can determine your currently installed version using `pip freeze`: ### 3.0.2 -**Date**: [December 2014][3.0.2-milestone]. +**Date**: [17th December 2014][3.0.2-milestone]. * Ensure `request.user` is made available to response middleware. ([#2155][gh2155]) * `Client.logout()` also cancels any existing `force_authenticate`. ([#2218][gh2218], [#2259][gh2259]) -- cgit v1.2.3 From 7e9aac98fe2dca54778470030bf71b73b565f50d Mon Sep 17 00:00:00 2001 From: Brent O'Connor Date: Wed, 17 Dec 2014 16:54:04 -0600 Subject: The pre_save method no longer works. This resolved issue #2306 --- docs/tutorial/6-viewsets-and-routers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs') diff --git a/docs/tutorial/6-viewsets-and-routers.md b/docs/tutorial/6-viewsets-and-routers.md index 816e9da6..d55a60de 100644 --- a/docs/tutorial/6-viewsets-and-routers.md +++ b/docs/tutorial/6-viewsets-and-routers.md @@ -44,8 +44,8 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl snippet = self.get_object() return Response(snippet.highlighted) - def pre_save(self, obj): - obj.owner = self.request.user + def perform_create(self, serializer): + serializer.save(owner=self.request.user) This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations. -- cgit v1.2.3